Search CVE reports
1 – 6 of 6 results
Some fixes available: 11 of 34
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious {block} name or...
6 affected packages
postfixadmin, smarty4, collabtive, galette, gosa, smarty3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postfixadmin | Not affected | Fixed | Fixed | Fixed |
| smarty4 | Not affected | — | — | — |
| collabtive | — | — | — | — |
| galette | — | — | — | — |
| gosa | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smarty3 | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available: 1 of 3
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server)...
1 affected package
gosa
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gosa | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available: 1 of 6
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
2 affected packages
fusiondirectory, gosa
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| fusiondirectory | Not in release | Not affected | Not affected | Needs evaluation |
| gosa | Not affected | Not affected | Not affected | Needs evaluation |
Some fixes available: 1 of 4
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in the change password form (html/password.php, #308) that can result in injection of arbitrary web script...
1 affected package
gosa
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gosa | Not affected | Not affected | Not affected | Vulnerable |
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
1 affected package
gosa
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gosa | — | — | — | Not affected |
Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.
1 affected package
gosa
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gosa | — | — | — | Not affected |